Information Systems Security Manager - Intermediate LOCATION: National Capital Region - Washington, DC or Northern Virginia EXPERIENCE LEVEL: Intermediate CLEARANCE: TOP SECRET/SCI WORK ROLE DESCRIPTION: Responsible for the cybersecurity of a program, organization, system, or enclave. TASKS: T0001: Acquire and manage the necessary resources, including leadership support, financial resources, and key security personnel, to support information technology (IT) security goals and objectives and reduce overall organizational risk. T0002: Acquire necessary resources, including financial resources, to conduct an effective enterprise continuity of operations program. T0003: Advise senior management (e.g., Chief Information Officer [CIO]) on risk levels and security posture. T0004: Advise senior management (e.g., CIO) on cost/benefit analysis of information security programs, policies, processes, systems, and elements. T0005: Advise appropriate senior leadership or Authorizing Official of changes affecting the organization's cybersecurity posture. T0024: Collect and maintain data needed to meet system cybersecurity reporting. T0025: Communicate the value of information technology (IT) security throughout all levels of the organization stakeholders. T0044: Collaborate with stakeholders to establish the enterprise continuity of operations program, strategy, and mission assurance. T0089: Ensure that security improvement actions are evaluated, validated, and implemented as required. T0091: Ensure that cybersecurity inspections, tests, and reviews are coordinated for the network environment. T0092: Ensure that cybersecurity requirements are integrated into the continuity planning for that system and/or organization(s). T0093: Ensure that protection and detection capabilities are acquired or developed using the IS security engineering approach and are consistent with organization-level cybersecurity architecture. T0095: Establish overall enterprise information security architecture (EISA) with the organization's overall security strategy. T0097: Evaluate and approve development efforts to ensure that baseline security safeguards are appropriately installed. T0099: Evaluate cost/benefit, economic, and risk analysis in decision-making process. T0106: Identify alternative information security strategies to address organizational security objective. T0115: Identify information technology (IT) security program implications of new technologies or technology upgrades. T0130: Interface with external organizations (e.g., public affairs, law enforcement, Command or Component Inspector General) to ensure appropriate and accurate dissemination of incident and other Computer Network Defense information. T0132: Interpret and/or approve security requirements relative to the capabilities of new information technologies. T0133: Interpret patterns of noncompliance to determine their impact on levels of risk and/or overall effectiveness of the enterprise's cybersecurity program. T0134: Lead and align information technology (IT) security priorities with the security strategy. T0135: Lead and oversee information security budget, staffing, and contracting. T0147: Manage the monitoring of information security data sources to maintain organizational situational awareness. T0148: Manage the publishing of Computer Network Defense guidance (e.g., TCNOs, Concept of Operations, Net Analyst Reports, NTSM, MTOs) for the enterprise constituency. T0149: Manage threat or target analysis of cyber defense information and production of threat information within the enterprise. T0151: Monitor and evaluate the effectiveness of the enterprise's cybersecurity safeguards to ensure that they provide the intended level of protection. T0157: Oversee the information security training and awareness program. T0158: Participate in an information security risk assessment during the Security Assessment and Authorization process. T0159: Participate in the development or modification of the computer environment cybersecurity program plans and requirements. T0192: Prepare, distribute, and maintain plans, instructions, guidance, and standard operating procedures concerning the security of network system(s) operations. T0199: Provide enterprise cybersecurity and supply chain risk management guidance for development of the Continuity of Operations Plans. T0206: Provide leadership and direction to information technology (IT) personnel by ensuring that cybersecurity awareness, basics, literacy, and training are provided to operations personnel commensurate with their responsibilities. ABILITIES: A0128: Ability to apply techniques for detecting host and network-based intrusions using intrusion detection technologies. A0161: Ability to integrate information security requirements into the acquisition process; using applicable baseline security controls as one of the sources for security requirements; ensuring a robust software quality control process; and establishing multiple sources (e.g., delivery routes, for critical system elements). A0170: Ability to identify critical infrastructure systems with information communication technology that were designed without system security considerations. EDUCATION: Associate degree or higher from an accredited college or university. Prefer an accredited Computer Science, Cyber Security, Information Technology, Software Engineering, Information Systems, or Computer Engineering degree; or a degree in a Mathematics or Engineering field. CERTIFICATION(S): CISSP-ISSMP or GSLC - IAT, IAM, or IASAE Level 3 J-18808-Ljbffr